CVE 8.6 HIGH

Totolink N300RT formIpQoS buffer overflow_CVE-2026-7219

April 28, 2026 invoker category_cve

8.6 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A flaw has been found in Totolink N300RT 3.4.0-B20250430. This affects an unknown function of the file /boafrm/formIpQoS. Executing a manipulation of the argument entry_name can lead to buffer overflow. The attack may be performed from remote. The exploit has been published and may be used.

AI Analysis

Buffer overflow vulnerability in Totolink N300RT via manipulation of the entry_name argument in the /boafrm/formIpQoS file, allowing remote exploitation.

Basic Information

ID CVE-2026-7219

Source VulDB

Published Apr 28, 2026 at 03:00

Affected Product

Vendor Totolink

Product N300RT

Version 3.4.0-B20250430

Affected Versions Totolink N300RT 3.4.0-B20250430

CWE Classification

CWE-120 CWE-119

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor Totolink

Product N300RT

Version 3.4.0-B20250430

References

{
    "lastseen": "",
    "description": "A flaw has been found in Totolink N300RT 3.4.0-B20250430. This affects an unknown function of the file /boafrm/formIpQoS. Executing a manipulation of the argument entry_name can lead to buffer overflow. The attack may be performed from remote. The exploit has been published and may be used.",
    "published": "2026-04-28T03:00:23.944Z",
    "modified": "2026-04-28T03:00:23.944Z",
    "type": "cve",
    "title": "Totolink N300RT formIpQoS buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/359819\nhttps://vuldb.com/vuln/359819/cti\nhttps://vuldb.com/submit/808194\nhttps://github.com/xiaohaiyang-ai/IoT-Vulnerability-Research/tree/main/Vendors/TOTOLINK/N300RT/formIpQoS-Bof\nhttps://www.totolink.net/",
    "id": "CVE-2026-7219",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "Totolink N300RT 3.4.0-B20250430",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "N300RT",
    "version": "3.4.0-B20250430",
    "vendor": "Totolink",
    "ai_description": "Buffer overflow vulnerability in Totolink N300RT via manipulation of the entry_name argument in the /boafrm/formIpQoS file, allowing remote exploitation.",
    "ai_severity": "High",
    "ai_vendor": "Totolink",
    "ai_product": "N300RT",
    "ai_version": "3.4.0-B20250430",
    "ai_score": 8.6
}

💭 Join the Security Discussion ❌ Cancel Reply